Oracle plans huge security update this week - DotTechnologies

Monday, 16 January 2012

Oracle has planned a huge swathe of security updates for Tuesday this week, with 78 vulnerabilities among the hundreds of its products slated to be patched.
Oracle said in a security update that vulnerabilities will be addressed in the Oracle Database Server, Fusion Middleware, E-Business suite, Supply Chain, PeopleSoft, JD Edwards, Virtualization, Sun and MySQL products.

Enterprises will be keen to test and install the patches as soon as possible, as some of the vulnerabilities could allow cyber attackers to infiltrate corporate databases and steal valuable data.

The firm admitted that, until patched, the vulnerabilities in the Oracle Database Server may enable attackers to remotely access the database without the need for a username and password.

 It added that these fixes are only applicable to installations that involve the Oracle Database Server itself, rather than client-only installations.

There are also five vulnerabilities in Oracle Fusion Middleware that could allow unauthenticated database access, and one in Oracle's JD Edwards platform.

However, it is MySQL that has the largest number of security flaws to be addressed by the patch, with 27. Oracle said that one of these can be exploited over a network without the need for a username or password.

Oracle recommended that the updates be applied as quickly as possible.

"Some of the vulnerabilities addressed in this Critical Patch Update affect multiple products," it said.

"Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible."

Readmore: http://www.computing.co.uk/ctg/news/2137695/oracle-plans-huge-securityupdate#ixzz1jcXFjlwx
Computing - Insight for IT leaders Claim your free subscription today.

No comments:

Post a Comment

Top